similar to: [PATCH] Use credentials and permissions on control socket where available

This approach is more complex than I'd like, but it works even on Solaris, which has neither credential passing nor permissions on the socket itself. --- src/control.c | 82 +++++++++++++++++++++++++++++++++++++++----------- src/control_common.h | 1 + src/tincctl.c | 67 +++++++++++++++++++++++++++++++++-------- src/tincd.c | 2 +- 4 files changed, 120

(Second try to send this. I wonder if the first one gotten eaten by a spam filter; I'll link to patches instead of attaching them.) Here are the tincctl patches I've been working on. They apply to http://www.tinc-vpn.org/svn/tinc/branches/1.1@1545. I intend to commit them once the crypto stuff's fixed. Since they're basically done, I'm emailing them now for review and in case

The attached patch removes the duplicated credentials cache generation code in auth-krb5.c and gss-serv-krb5.c, by turning it into a procedure which is then called by both sections of code. It's against the latest portable CVS tree. Cheers, Simon. -------------- next part -------------- Index: auth-krb5.c =================================================================== RCS file:

If you like running QEMU as a normal user (very common for TCG runs) but you have to run virtiofsd as a root user you run into connection problems. Adding support for an optional --socket-group allows the users to keep using the command line. Signed-off-by: Alex Benn?e <alex.bennee at linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha at redhat.com> --- v1 - tweak documentation and

There is a race in the setup of the ControlMaster socket in auto mode, as illustrated by the following command line: ssh -oControlMaster=auto -oControlPath=sock localhost 'sleep 1; echo 1' & ssh -oControlMaster=auto -oControlPath=sock localhost 'sleep 2; echo 2' & Both of the commands will try to start up as a control client, find that sock does not exist, and switch into

If the rsyncd.conf has a line such as: log file = /var/log/rsync/log and /var/log/rsync doesn't exist or isn't a directory (or the log file can't be opened for any other reason), then there's no warning whatsoever, as rsync forks itself into the background before checking the config, opening the log file, etc. Worse still, it gets a SIGSEGV, and dumps core. Here's a strace

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

Cheers, - Salva $ diff -c mux.c~ mux.c *** mux.c~ 2008-06-14 01:01:54.000000000 +0200 --- mux.c 2008-12-04 12:24:45.000000000 +0100 *************** *** 148,153 **** --- 148,154 ---- error("ControlSocket %s already exists, " "disabling multiplexing", options.control_path); close(muxserver_sock); + umask(old_umask);

Hi, At the n2k10 OpenBSD network hackathon, I finally got some time to clean up and rewrite the ssh(1) client multiplexing code. The attached diffs (one for portable OpenSSH, one for OpenBSD) are the result, and they need some testing. The revised multiplexing code uses a better protocol between the master and slave processes and I even bothered to write it up :) It tracks the control sockets

This allows users to start an independent instance of unicorn on a the same port as a running unicorn (as long as both instances use :reuseport). ref: https://lwn.net/Articles/542629/ --- lib/unicorn/configurator.rb | 19 +++++++++++++++++++ lib/unicorn/socket_helper.rb | 30 ++++++++++++++++++++++-------- test/unit/test_socket_helper.rb | 8 ++++++++ 3 files changed, 49 insertions(+), 8

Only the short -b option is missing, --batch works as expected. - todd diff --git a/src/tincctl.c b/src/tincctl.c index 9eb9a1b..766b769 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -168,7 +168,7 @@ static bool parse_options(int argc, char **argv) { int r; int option_index = 0; - while((r = getopt_long(argc, argv, "+c:n:", long_options, &option_index)) != EOF) { +

First off, thanks to all who have made tinc possible and continue to work developing it. I hope perhaps in time I can become a useful part of this community. :) I'm having an interesting issue with tincctl and was hoping someone could shed some light on it. Everything seems to work correctly when I build for OSX; however on linux and windows builds, I always receive connection

I cant restart my tincd with 'tincctl restart -n $NETNAME' I get the message: 'Could not restart tinc daemon' It works with 'tincctl stop -n NETNAME && tincctl start -n NETNAME' but sometimes the /var/run/tinc.$NETNAME.pid file is missing so I need to kill tinc manually

On Tue, Dec 11, 2018 at 02:36:18PM +0800, Amit Lianson wrote: > We're suffering from sporadic network blockage(read: unable to ping > other nodes) with 1.1-pre17. Before upgrading to the 1.1-pre release, > the same network blockage also manifested itself in a pure 1.0.33 > network. > > The log shows that there are a lot of "Got ADD_EDGE from nodeX >

> > Maybe I should allow the reachable keyword for the dump graph command as > well, so you can do: > > tincctl -n <netname> dump reachable graph > > ...and not see any nodes which are unreachable. Is that what you want? This would help since dead nodes do not clutter the visual representation. What are the effects, if any, of dead nodes in the hosts/ dir? Thanks

Hi Daniel, sorry. Here the requested stack trace. Best regards Holger ===================================================================================== Thread 18 (Thread 0x7f0d495e0700 (LWP 10742)): #0  0x00007f0d55e690bf in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0 No symbol table info available. #1  0x00007f0d5892176a in virCondWait (c=c@entry=0x5557f238db28,

With pleasure we announce the release of tinc version 1.1pre5. Here is a summary of the changes: * Fixed long delays and possible hangs on Windows. * Fixed support for the tunemu device on iOS, the UML and VDE devices. * Small improvements to the documentation and error messages. * Fixed broadcast packets not reaching the whole VPN. * Tincctl now connects via a UNIX socket to the tincd

With pleasure we announce the release of tinc version 1.1pre5. Here is a summary of the changes: * Fixed long delays and possible hangs on Windows. * Fixed support for the tunemu device on iOS, the UML and VDE devices. * Small improvements to the documentation and error messages. * Fixed broadcast packets not reaching the whole VPN. * Tincctl now connects via a UNIX socket to the tincd

With pleasure we announce the release of version 1.1pre1. Here is a summary of the changes: * Control interface allows control of a running tinc daemon. Used by: * tincctl, a commandline utility * tinc-gui, a preliminary GUI implemented in Python/wxWidgets * Code cleanups and reorganization. * Repleacable cryptography backend, currently supports OpenSSL and libgcrypt. * Use libevent

With pleasure we announce the release of version 1.1pre1. Here is a summary of the changes: * Control interface allows control of a running tinc daemon. Used by: * tincctl, a commandline utility * tinc-gui, a preliminary GUI implemented in Python/wxWidgets * Code cleanups and reorganization. * Repleacable cryptography backend, currently supports OpenSSL and libgcrypt. * Use libevent